CVE-2012-0985 – Sony VAIO Wireless Manager 4.0.0.0 - Buffer Overflow

https://notcve.org/view.php?id=CVE-2012-0985

Multiple buffer overflows in the Wireless Manager ActiveX control 4.0.0.0 in WifiMan.dll in Sony VAIO PC Wireless LAN Wizard 1.0; VAIO Wireless Wizard 1.00, 1.00_64, 1.0.1, 2.0, and 3.0; SmartWi Connection Utility 4.7, 4.7.4, 4.8, 4.9, 4.10, and 4.11; and VAIO Easy Connect software 1.0.0 and 1.1.0 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in the second argument of the (1) SetTmpProfileOption or (2) ConnectToNetwork method. Múltiples desbordamientos de búfer en el control ActiveX de Wireless Manager v4.0.0.0 en WifiMan.dll en Sony VAIO PC Wireless LAN Wizard v1.0, VAIO Wireless Wizard v1.00, v1.00_64, v1.0.1, v2.0 y v3.0; SmartWi Connection Utility v4.7, v4.7.4, v4.8, v4.9, v4.10 y v4.11 y el software VAIO Easy Connect v1.0.0 y v1.1.0 permite a atacantes remotos causar una denegación de servicio (caída) y posiblemente ejecutar código de su elección a través de una cadena larga en el segundo argumento de los metodos (1) SetTmpProfileOption o (2) ConnectToNetwork. Wireless Manager Sony VAIO version 4.0.0.0 suffers from multiple buffer overflow vulnerabilities. • https://www.exploit-db.com/exploits/18958 http://archives.neohapsis.com/archives/bugtraq/2012-05/0147.html http://esupport.sony.com/US/perl/support-info.pl?template_id=1&info_id=946 http://osvdb.org/82401 http://secunia.com/advisories/49340 http://www.exploit-db.com/exploits/18958 http://www.securityfocus.com/bid/53735 https://exchange.xforce.ibmcloud.com/vulnerabilities/75978 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •